fips zeroize – Brocade Network OS Command Reference v4.1.0 User Manual

Network OS Command Reference

53-1003115-01

fips zeroize

Removes all critical security parameters from a switch in readiness for compliance with Federal
Information Processing Standards (FIPS) and reboots the switch.

Synopsis

fips zeroize

Operands

None

Defaults

The switch operates in the non-FIPS compliant state.

Command Modes

Privileged EXEC mode

Description

Use this command to erase all critical security parameters from the switch, including passwords,
shared secrets, and private keys, in readiness for FIPS compliance. This command also reboots
the switch. If FIPS self tests are enabled and they run successfully during reboot, then the switch
comes up in the FIPS-compliant mode. If the FIPS self tests return errors, the switch reboots and
runs the tests again.

This command is typically used after disabling non-FIPS compliant features, configuring secure
ciphers, and enabling FIPS self tests with the fips selftests command. The non-FIPS compliant
features that must be disabled include Brocade VCS Fabric mode, the Boot PROM, root access,
TACACS+ authentication, and the dot1x feature. Secure ciphers must be configured for
the SSH protocol and (optionally) for the Lightweight Directory Access Protocol (LDAP).
Refer to the Network OS Administrator’s Guide for details about preparing a switch for FIPS
compliance.

Usage Guidelines

Under normal operation, this command is hidden to prevent accidental use. Enter the unhide fips
command with password “fibranne” to make the command available.

This command applies only in the standalone mode. This command can be entered only from a
user account with the admin role assigned.

CAUTION

This command should be used only by qualified personnel. Once a switch is in the FIPS-compliant
state, you cannot return it to the non-FIPS compliant state.

Examples

To erase all critical security parameters from a switch:

switch# unhide fips
Password: *****
switch(config)# fips zeroize
This operation erases all passwords, shared secrets, private keys etc. on the switch. Do you want to continue? [yes,NO] yes

See Also

fips selftests, fips root disable, prom-access disable, show prom-access, unhide fips